How can I use a script to check whether a group exists in Active Directory (AD), and if not, create it?

A. The following script, which you can download here, tries to bind to a group and if it doesn't find the group, creates it as a global security group. If you require a universal group instead of a global group, replace the ADS_GROUP_TYPE_GLOBAL_GROUP with ADS_GROUP_TYPE_UNIVERSAL_GROUP in the groupType Put command. You also need to replace the values for domainController, contextpath, and groupName.

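On Error Resume Next

' groupType flag values
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &H2
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &H8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

' Placeholder values: replace with your own.
domainController = "dc01.example.com"
contextpath = "CN=Users,DC=example,DC=com"
groupName = "TestGroup"

' Container in which the group is created (this binding form is an assumption).
Set context = GetObject("LDAP://" & domainController & "/" & contextpath)

Set objGroup = GetObject("LDAP://CN=" & groupName & "," & contextpath)
If Err.Number = -2147016656 Then ' Group was not found
    Err.Clear
    ' Create the group.
    Set objGroup = context.Create("Group", "cn=" & groupName)
    If Err.Number <> 0 Then
        WScript.Echo "Error creating group " & Err.Number, Err.Description
        Err.Clear
    End If
    objGroup.Put "sAMAccountName", groupName
    objGroup.Put "description", "Testing Group"
    objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
        ADS_GROUP_TYPE_SECURITY_ENABLED
    objGroup.SetInfo
    If Err.Number <> 0 Then
        WScript.Echo "Error modifying group " & Err.Number, Err.Description
        Err.Clear
    End If
End If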
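
The same check-then-create logic in PowerShell, as an added example that is not part of the original answer. It assumes the ActiveDirectory module (RSAT) is installed; the function name New-ADGroupIfMissing and the sample values in the final comment are hypothetical. It searches by sAMAccountName, which must be unique across the domain, escapes the name before it goes into the LDAP filter, and creates the group only when the search succeeds and returns nothing, so a failed lookup (access denied, server unreachable) never triggers creation.

```powershell
# Added example (not from the original script). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function New-ADGroupIfMissing {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$ContextPath,        # DN of the target container
        [Parameter(Mandatory)][string]$DomainController,
        [ValidateSet('Global', 'Universal')][string]$Scope = 'Global'
    )

    # Escape LDAP filter metacharacters (RFC 4515) so the name is matched
    # literally and cannot change the meaning of the filter.
    $escaped = [regex]::Replace($GroupName, '[\\*()\0]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })

    # -ErrorAction Stop turns lookup failures into terminating errors.
    # An empty result (no error) is the only condition treated as "not found".
    $existing = Get-ADGroup -LDAPFilter "(sAMAccountName=$escaped)" `
        -Server $DomainController -ErrorAction Stop

    if ($existing) {
        Write-Verbose "Group already exists: $($existing.DistinguishedName)"
        return $existing
    }

    if ($PSCmdlet.ShouldProcess("CN=$GroupName,$ContextPath", 'Create security group')) {
        New-ADGroup -Name $GroupName `
            -SamAccountName $GroupName `
            -GroupScope $Scope `
            -GroupCategory Security `
            -Path $ContextPath `
            -Description 'Testing Group' `
            -Server $DomainController `
            -PassThru -ErrorAction Stop
    }
}

# Constructed sample call; -WhatIf reports the action without creating anything:
# New-ADGroupIfMissing -GroupName 'TestGroup' -ContextPath 'CN=Users,DC=example,DC=com' `
#     -DomainController 'dc01.example.com' -WhatIf
```

Pointing both the lookup and the creation at the same domain controller avoids acting on a replica that has not yet received a recently created group.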